[jdev] [Fwd: Alertbox: Stop Password Masking]
Peter Saint-Andre
stpeter at stpeter.im
Wed Jun 24 10:00:48 CDT 2009

On 6/24/09 8:54 AM, Norman Rasmussen wrote:
> I would normally reply on the article, but it seems it doesn't have
> comment functionality.
>
> Jakob Nielsen's Alertbox for June 23 is now online, Summary:
>
> Usability suffers when users type in passwords and the only feedback
> they get is a row of bullets. Typically, masking passwords doesn't even
> increase security, but it does cost you business due to login failures.
>
> ----------------------------------
>
>
> What about my co-worker peering over my shoulder while I type in my
> password?

That's a physical security attack and can be dealt with accordingly. :)

> To be honest this is where single-sign-on systems like OpenID are
> better, because you delegate authentication somewhere else (that
> hopefully you already have a session key for).

I don't trust OpenID, although I would like to move to password-less
logins for XMPP (e.g., your client generates a cert when you create an
account and registers that cert with your server). But perhaps that's a
topic for a separate thread...

Peter

--
Peter Saint-Andre
https://stpeter.im/